Appendix B

Privacy Policy Under U.S. State Consumer Privacy Laws

This additional Privacy Policy Under U.S. State Consumer Privacy Laws (“U.S. Policy”) supplements our general privacy policy available here: www.tailorbrands.com/pp and applies if the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”) or any other U.S. state consumer privacy laws apply to our processing of personal data related to you.

Our general privacy policy describes what categories of personal data we collect, the sources from which we obtain it, the purposes of processing it, the situations where we will share it, and with whom. The first five chapters of this U.S. Policy also serve as a notice at collection, where required under U.S. State Consumer Privacy Laws. 

This U.S. Policy supersedes any contradicting provisions under our general privacy policy.

In this U.S. Policy, the term “personal data” will also include personal information (as defined under applicable US state privacy laws) and any equivalent term under U.S. State Consumer Privacy Laws. 

1. Categories of Personal Data. We collect the categories of personal data related to you described in our general privacy policy under the section titled “What types of personal data do we process?”. Such data consists of the following categories:

1.1. Identifiers and Personal data categories listed in the applicable laws, such as the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

1.2. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with our Services.

1.3. Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

1.4. Geolocation data, namely your physical location or movements.

1.5. Inferences drawn from any of the above-mentioned information.

2. Categories of Personal Data Sources. We obtain the categories of personal data related to you listed above from the following categories of sources:

2.1. Directly and indirectly from you and your activity on our Services.

2.2. Third parties such as reliable service providers.

3. Purposes of Collection and Use. We use the personal data related to you that we collect or receive for the purposes mentioned under our general privacy policy, under the section titled “What do we do with personal data?”.

4. Sharing and Selling Personal Data

4.1. We disclose personal data related to you to third parties for business purposes as described under our general privacy policy, under the section titled “With whom do we share personal data?”.

4.2. We do not sell or share personal data. However, we engage third parties to provide us with services such as analytics, marketing automation and customer experience and allow them to collect personal data on our Services.

4.3. We do not knowingly sell or share the personal data of consumers who are under 18 years of age.

4.4. The categories of personal data collected by these third parties in the preceding 12 months include identifiers, online activities and inferences drawn from such activities.

4.5. These third parties do not pay us for collecting such information, but the right granted to them to collect personal data can be considered as disclosure for the purpose of sale or sharing for cross-context behavioral advertising. At any time, you can opt out of the collection of personal data by our service Providers by contacting us.

4.6. You can opt out of the selling, sharing, or the otherwise disclosure of personal data related to you for cross-contextual or targeted advertising, by visiting our “Notice of Right to Opt-Out of Sale/Sharing of Personal Data” available here. You can also contact us at [email protected] if you require assistance.

5. Retention. The criteria we use to determine the period of time for which we will retain personal data collected about you is detailed under our general privacy policy, under the section titled “For how long do we retain personal data?”.

6. Your rights as a US State Resident. In addition to your rights under other sections under this policy, if you are a resident of California or any other applicable US State, you are also entitled to the following specific rights under the CCPA (as defined below) or other applicable US state consumer privacy acts, regarding personal data related to you:

6.1. The right to notice – you have the right to be notified of which categories of personal data about you are being collected and the purposes for which the data is being used.

6.2. Access to specific personal data and data portability rights – you have the right to request that we disclose certain information to you about our collection and use of personal data related to you over the past 12 months. Upon verification of your request, we will disclose to you:

6.2.1. The categories of personal data we collected about you.

6.2.2. The categories of sources for the personal data we collected about you.

6.2.3. Our business or commercial purpose for collecting that personal data.

6.2.4. The categories of personal data that we disclosed for a business purpose, and the categories of third parties with whom we disclosed that particular category of personal data.

6.2.5. The specific pieces of personal data that we collected about you.

6.2.6. If we disclose personal data related to you for a business purpose, we will provide you with a list that will identify the personal data categories that each category of recipient obtained.

6.3. The right to correct personal data – You have the right to request that we correct inaccurate personal data. Once we receive and confirm your request, we will use commercially reasonable efforts to correct (and direct our service providers to correct) personal data related to you, unless an exception applies.

6.4. The right to say no to the sale or sharing of personal data (opt out) – You have the right to direct Us to not sell personal data related to you. To submit an opt out request, please see the “Exercising Your Rights” section below.

6.5. Deletion rights – you have the right to request that we delete any personal data related to you. Upon confirmation of your request, we will delete personal data related to you from our records, unless an exception applies. We may deny your deletion request if retaining the data is necessary for us or our services providers to achieve a purpose that is exempt under applicable U.S state consumer privacy laws.

7. Exercising Your Rights

7.1. You can unsubscribe from our marketing communications at any time by clicking the “unsubscribe” link at the bottom of our marketing emails or by responding “STOP” or similar (as instructed by us in the specific message, where relevant) to any marketing text message.

7.2. To exercise the rights described above, please submit your request to us by sending an email message to [email protected]. Only you or a person authorized to act on your behalf can make a request related to personal data related to you. A request for access can be made by you only twice within a 12-month period. 

7.3. You must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

7.4. We cannot respond to your request or provide you with the requested personal data if we cannot verify your identity or authority to make the request and confirm the personal data related to you. We will only use the personal data provided in your request to verify your identity or authority to make the request. We may request you to provide more information to verify your identity. 

7.5. We will do our best to respond to your request within 30 days of its receipt. If we require more time (up to additional 30 days), we will inform you of the reason and extension period in writing. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

7.6. Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

7.7. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.

7.8. We will not require that you create an account in order to exercise your rights under this policy and we will not increase the cost, or decrease the availability, of our Services based solely on the fact that you have chosen to exercise one of your rights.

7.9. After receiving our reply, you can appeal against our decision by contacting us. We will review your appeal and provide you with our answer and our explanation of the reasons for our decision(s). We will also provide you with a link (to the extent available) where you can submit a complaint with the relevant Attorney General.

7.10. You can opt out of the selling, sharing, or the otherwise disclosure of personal data related to you for cross-contextual or targeted advertising, by visiting our “Notice of Right to Opt-Out of Sale/Sharing of Personal Data” available here. You can also contact us at [email protected] if you require assistance.

8. Financial Incentives for the collection of personal data

8.1. We provide these financial incentives to users for providing their feedback to us during video conference calls, or as part of online surveys, and as part of our marketing collaborations.

8.2. For the purpose of this section, “Financial Incentives” mean programs, benefits, or other offerings, including payments to consumers, for the collection, retention, sale, or sharing of personal data, including related service differences.

8.3. As part of providing our Services and website, we offer the following financial incentives:

8.3.1. Gift cards, sent to users of our Services via email, granting them a certain amount of USD that may be used via Amazon (or other vendors, as may be from time to time).

8.3.2. Tailor Brands credits, providing users of our Services a certain amount of credits which they may use within their Tailor Brands account for future subscriptions or purchases of new products.

8.4. The specific value of each financial incentive will be detailed as part of the incentive. 

8.5. You can opt-in to receiving such financial incentives by indicating that you wish to receive such Amazon Gift Card or Tailor Brands Credit where we make them available to users of our Services from time to time. The goal of our financial incentives is not to collect personal data related to you for further monetizing, but rather to incentivize you to purchase our services, or to survey your experience with our services. Accordingly, we do not generally assign a monetary value to personal data related to you in this context. 

8.6. However, if we are required by law to assign a value to personal data in the context, we each time value the personal data collected and used as being equal to the value of the Tailor Brands Credit or Amazon Gift Card value, and the calculation of the value is based on a reasonable and good-faith estimate often involving the consideration of (i) the categories of personal data collected (for example: email address, phone number, etc.), (ii) the value of the Tailor Brands Credit or Amazon Gift Card, and (iii) the value of the total purchase of Services (excluding taxes and fees). 

Last Updated: November 21, 2023.